bos Posted June 23, 2015 Share Posted June 23, 2015 In product list, I rightclick and open 10 products in new tabs to be able to edit them in parallell. Editing the first item is fine. Editing the rest gives this message: "Security Alert: Possible Cross-Site Request Forgery (CSRF) or browser back button used." and my edits are gone.This is no CSRF, whatever that means, and I really want the ability to edit in parallell, so how do I disable this check? Quote Link to comment Share on other sites More sharing options...
bsmither Posted June 23, 2015 Share Posted June 23, 2015 This is a restriction in CC5/6. One used to be able to do this in CC3/4."Invalid Security Token" happens when CubeCart received submitted form details from a form that was other than just immediately prior fetched from CubeCart.That is, CubeCart sends you the Orders List page. On this page, you have the browser open an Order Summary into a new browser tab. Then you have the browser open a different Order Summary into a third browser tab. The forms on each tab have the same security token.When POSTing a form, CubeCart compares the latest generated security token with the hidden token value submitted with the form. If the same, then all is good. If a mismatch, CubeCart is supposed to ignore the form data submitted and show you the admin Dashboard with a warning.Next, CubeCart generates another security token. This new, current token will no longer match any previously fetched form. Only pages fetched after the very latest form POSTed will have the new, current token.How to disable? I haven't verified this will work, but in /classes/sanitize.class.php, at the end of the file, find:static private function _stopToken() {Add the word return; right after it:static private function _stopToken() { return;Just to be complete in my reply, adding the security token code to CubeCart was done for a reason. Bypassing this code (if it works) may have consequences. Quote Link to comment Share on other sites More sharing options...
bos Posted June 23, 2015 Author Share Posted June 23, 2015 Thank you for explaining. I'm aware that disabling it will most likely have consequences. However, my store is still in the making and unavailable to the public (noone even knows it exists, less where it is), so disabling it during this time will - hopefully - have no big impact. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.